Description
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, in `ReadSFWImage()` (`coders/sfw.c`), when temporary file creation fails, `read_info` is destroyed before its `filename` member is accessed, causing a NULL pointer dereference and crash. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
Published: 2026-02-24
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Patch
AI Analysis

Impact

ImageMagick contains a NULL pointer dereference in the ReadSFWImage function, which can cause the application to crash when disk space or permissions prevent temporary file creation. The primary impact is a denial of service through process termination, affecting availability only. The weakness is a null pointer dereference, categorized as CWE-476.

Affected Systems

The issue affects all releases of ImageMagick prior to versions 7.1.2-15 and 6.9.13-40, regardless of platform. Any installation that processes SFW images without the patch is vulnerable.

Risk and Exploitability

The CVSS score of 5.3 indicates moderate severity, but the EPSS score of less than 1% shows low exploitation probability. The vulnerability is not listed in the CISA KEV catalog. Attackers can trigger the crash by providing a crafted SFW image that forces a temporary file creation failure; this is inferred from the fact that the bug manifests during image decoding. The flaw does not grant remote code execution: the result is only a service interruption and does not compromise confidentiality or integrity.

Generated by OpenCVE AI on April 17, 2026 at 16:02 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to ImageMagick 7.1.2-15 or 6.9.13-40 or later, which include the vendor patch.
  • If an upgrade is not immediately possible, disable the SFW image coder or block processing of SFW files until the patch is applied.
  • Implement monitoring or logging to alert on unexpected ImageMagick crashes that may indicate an exploitation attempt.

Advisories

Source        ID                     Title
Debian DLA    DLA-4497-1             imagemagick security update
Debian DSA    DSA-6158-1             imagemagick security update
Debian DSA    DSA-6159-1             imagemagick security update
GitHub GHSA   GHSA-p33r-fqw2-rqmm    ImageMagick has NULL pointer dereference in ReadSFWImage after DestroyImageInfo (sfw.c)
History

Fri, 27 Feb 2026 16:15:00 +0000

Type       Values Removed   Values Added
Metrics                     ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 24 Feb 2026 19:00:00 +0000

Type       Values Removed   Values Added
CPEs                        cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*

Tue, 24 Feb 2026 12:15:00 +0000

Type         Values Removed          Values Added
References
Metrics      threat_severity: None   threat_severity: Moderate

Tue, 24 Feb 2026 10:00:00 +0000

Type                  Values Removed   Values Added
First Time appeared                    Imagemagick; Imagemagick imagemagick
Vendors & Products                     Imagemagick; Imagemagick imagemagick

Tue, 24 Feb 2026 01:15:00 +0000

Type          Values Removed   Values Added
Description                    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, in `ReadSFWImage()` (`coders/sfw.c`), when temporary file creation fails, `read_info` is destroyed before its `filename` member is accessed, causing a NULL pointer dereference and crash. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
Title                          ImageMagick has NULL pointer dereference in ReadSFWImage after DestroyImageInfo (sfw.c)
Weaknesses                     CWE-476
References
Metrics                        cvssV3_1: {'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L'}

Subscriptions

Imagemagick Imagemagick
MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-02-26T15:08:55.743Z

Reserved: 2026-02-05T19:58:01.640Z

Link: CVE-2026-25795

Vulnrichment

Updated: 2026-02-26T15:08:49.284Z

NVD

Status: Analyzed

Published: 2026-02-24T01:16:14.137

Modified: 2026-02-24T18:46:49.677

Link: CVE-2026-25795

Red Hat

Severity: Moderate

Public Date: 2026-02-24T00:54:34Z

Links: CVE-2026-25795 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-17T16:15:22Z

Weaknesses